chaospatterns
@chaospatterns@lemmy.world
- Comment on Google flags Immich sites as dangerous 1 day ago:
How would that work? The use case is for previews for pull requests. Somebody submits a change to the website. This creates a preview domain that reviewers and authors can see their proposed changes in a clean environment.
CloudFlare pages gives this behavior out of the box.
- Comment on Google flags Immich sites as dangerous 1 day ago:
It is for pull requests. A user makes a change to the documentation, they want to be able to see the changes on a web page.
If you don’t have them on the open web, developers can’t see the previews.
The issue they had was being marked as phishing, not the SSL certificate warning page.
- Comment on Why do so many put their resources in AWS us-east-1 when that's the only one (that I'm aware of) that has ever gone done? 4 days ago:
Some people are asking why other regions seem to be affected when us-east-1 goes down. Why aren’t they separated out? I used to work in AWS, but will speak generally.
First, it’s important to understand the concept of a control plane vs a data plane. Amazon and other big scale companies often talk in terms of control plane/data plane separation because those two concepts have wildly different scale and requirements.
A control plane is the side of your service that handles the administrative functions of a service. For example, AWS S3 service would separate out bucket creation and deletion work from the file create/edit. In Route 53, this would be creating and editing zones. In IAM, it’s the creation of AWS access keys for IAM users. IAM Roles, IIRC, work differently and can function more in the data plane.
A data plane is the side of the service that handles the main meat and potatoes of a service. For example, in AWS S3, any object key creates, edits, and deletes would all be part of the data plane. In Route 53, these would be any DNS call. I don’t know if updating a record was considered a data plane call or not.
These are separated out because data plane calls generally massively dwarf the number of calls for administrative APIs. It’s also done because control plane calls oftentimes have some extra complexities. Like in Route 53, to create a zone means you need to go find n different name servers that can handle a given domain name without overlapping with another customer, you need to tell them that they should now handle calls, you need to get the records to those servers running all over the world.
The fact is Route 53 is globally replicated and they need to have a source of truth and engineering culture pushes Amazon towards a pull based approach. If a user creates a zone in eu-west-1, they still expect it to be on servers all over the world, so how do you get it there? Well, AWS takes the approach that certain services can have a single region dependency for their control plane in the case that it’s infeasible technically or to the business to avoid one, however the data plane of the service can’t have that dependency.
- Comment on Why do so many put their resources in AWS us-east-1 when that's the only one (that I'm aware of) that has ever gone done? 4 days ago:
N. California as a region can’t grow and it’s priced accordingly. Instead, compare US East (Ohio) or US West (Oregon) for a region that’s price competitive. A lot of Amazon internal stuff was starting to move to US East (Ohio) because it was geographically close, but a lot less problematic.
- Comment on Open-WebUI v0.6.29 release 5 weeks ago:
A newer release, v0.6.30 is already released to fix an issue with OneDrive integration.
Looks like they finally made their slim image tag smaller than the main image:
ghcr.io/open-webui/open-webui:v0.6.30-slim 7c61b17433e8 46 hours ago 4.3GB
ghcr.io/open-webui/open-webui:v0.6.30 c1ac444c0471 46 hours ago 4.82GB
Though only saving .5GB of space is not very slim. I use OpenWebUI in my home lab, but this issue just made me question the quality of the project a tiny bit.
- Comment on 1 month ago:
Depends on the watermark method used. Some people talk about watermarking by subtly adjusting the words used. Like if there’s 5 synonyms and you pick the 1st synonym, next word you pick the 3rd synonym. To check the watermark you have to have access to the model and probabilities to see if it matches that. The tricky part about this is that the model can change and so can the probabilities and other things I don’t fully understand.
- Comment on Need some help with networking - tailscale, gluetun etc 1 month ago:
How do you expect the packets to actually route? If you run Tailscale and your VPN on your phone, they might fight with each other for control of the routing table.
If you’re trying to use a Tailscale exit node to then route through Tailscale to one node running gluetun to Mullvad, that’s going to be complex because again they both want to mess with the routing table.
Tailscale natively supports Mullvad: tailscale.com/mullvad
- Comment on Need some help with networking - tailscale, gluetun etc 1 month ago:
Okay it was a little hard to read since your post was missing formatting. TS_SUBNETS is what controls what CIDRs are announced through Tailscale. Since you’re not using Docker networking for Jellyfin, it would be whatever subnet the host is on. Maybe it’s 192.168.x.y
- Comment on Need some help with networking - tailscale, gluetun etc 1 month ago:
Gluetun doesn’t make any sense here. You’re forcing all the traffic from Jellyfin to go through Mullvad, but you need to be able to connect to Jellyfin because Jellyfin is a service you connect to.
Since your Tailscale is host network mounted, you’ll be able to expose your Docker network subnets over Tailscale then access Jellyfin.
You probably intend to gluetun your downloading software, not Jellyfin.
- Comment on Google gets to keep Chrome, judge rules in search antitrust case 1 month ago:
Was that anything more than just rumors? Letting a currently monopolistic company keep the browser because another bad billionaire might buy it and do something bad with it just prevents anything from changing.
- Comment on 1U mini PC for AI? 1 month ago:
Your options are to run smaller models or wait. llama3.2:3b fits on my 1080 Ti VRAM and is sufficiently fast. Bigger models will get split between VRAM and RAM and run slower but it’ll work.
Not all models are Gen AI style LLMs. I run GPU based speech to text models on my GPU too for my smart home.
- Comment on Google will require developer verification for Android apps outside the Play Store 1 month ago:
Who organized this form? Is there something official to make it look like it’s not just signing me up for spam?
- Comment on 👁️🐽👁️ 1 month ago:
That’s also why certain contact lenses can’t be worn overnight or for long periods of time because they aren’t as breathable. At least that’s what my eye doctor said when I got them.
- Comment on Help setting up a selfhosted VPN at home 2 months ago:
I use a variant of this: github.com/linuxserver/docker-wireguard
You don’t need two different containers for this. They’re going to either fight each other for control over the networking tables or run wireguard in wireguard
- Comment on GitHub - gmag11/Paperless_ngx_uploader: a simple Android app to upload documents to a Paperless-NGX server using the native share intent. 2 months ago:
So I had a chance to try this out. It wasn’t on Google Play Store, only F-Droid. There isn’t really SSO support, you either log in with User/Password or a token. Instead, I log in with my browser, get the token and paste it in. That works fine, but an ideal world is just pop up a browser WebView and go through the flow, then grab the token. Maybe it was intentional, but PaperlessShare registered as an Open handler for PDFs and the share menu, whereas this is only share menu.
Overall, it does the job and gets my docs uploaded.
- Comment on Study: Social media probably can’t be fixed 2 months ago:
My prediction is that manually reviewing user creation won’t scale to a high level and unless systems develop spam detection and reputation management similar to email then it’s not going to be limited to just one or two bad instances.
It’s trivial to create my own instance with a new domain and there’s no limitations against sending ActivityPub messages to a server. Unfortunately the simplest fix is for big instances to restrict what instances can communicate to it, but that causes centralization.
Plus, we don’t need to be huge. There’s no benefit from it.
The benefit is breadth and depth of communities. Reddit is great because if you are interested, there’s a bunch of people talking about it.
- Comment on Systemd Service Hardening 2 months ago:
How hard would it be to contribute these improvements back to the project in the form of either distro package updates or documentation changes? Did you consider that?
- Comment on GitHub - gmag11/Paperless_ngx_uploader: a simple Android app to upload documents to a Paperless-NGX server using the native share intent. 2 months ago:
Can you expand on the OIDC/OpenID support? Does it support SSO based authentication to Paperless?
- Comment on Leaving GitHub. Music server alternatives? 2 months ago:
I respect your strong ethics and sticking to them, but saying that people support genocide for using software hosted on GitHub is an extreme position.
Do you drive a car or fly a plane? Then you must have no red lines against climate change.
- Comment on Self-hosted blog - do I need a static IP address? 2 months ago:
- Comment on Itch.io has begun restoring NSFW content, but only if it’s free 2 months ago:
The problem is the payment processor. There’s only so many of them that customers actually choose to use.
- Comment on Mastercard release a statement about game stores, payment processors and adult content 2 months ago:
buy a stock through a company like Fidelity where is the stock actually held and that was layers of public/private companies/corporations
- Comment on OpenAI’s Sam Altman warns of AI voice fraud crisis in banking 2 months ago:
How about some Yubikeys or smart cards instead of something that requires me to scan my retina and share it with Sam Altman
- Comment on I'm setting up a Windows 11 laptop for my uncle. Is there a sneaky way to make it block right-wing bullshit websites? 2 months ago:
If you alter it to 0.0.0.0 then it shouldn’t pop an SSL error, it would be a connection failed error.
- Comment on Just created my own zero trust network! 3 months ago:
Right. Zero trust means at the very least you need to add AuthN and AuthZ to every endpoint with no exceptions for internal IP addresses.
- Comment on Photo management - storing friends' photos 3 months ago:
Encryption at rest just means the data itself is encrypted when stored on disk and the key is somewhere. It doesn’t dictate that the key is not visible to the server.
Encryption in transit refers to an encrypted channel from client to server.
E2E encryption usually refers to encryption from one entity to another where any intermediary servers do not have the ability to decrypt
Source: too many years doing application security at my job
- Comment on Homemade polarimetric synthetic aperture radar drone 3 months ago:
After I read this, I thought it would be really cool to try to make this myself. But then I realized I’m barely able to get a simple circuit working much less one that involves complex RF signalling.
- Submitted 3 months ago to electronics@discuss.tchncs.de | 2 comments
- Comment on Automatic Transfer Switch PDU in The Homelab - Does it make sense? 3 months ago:
The point seems to be able to handle a UPS failure
- Comment on Senate GOP budget bill has little-noticed provision that could hurt your Wi-Fi 3 months ago:
WiFi is on all three bands. It’s not so much what’s newer vs older. Newer devices tend to support 2.4, 5, and 6 and switch between them based on quality of signal and support by the WiFi network. Higher frequencies like 5 and 6GHz are generally better because there’s less interference.
Cheaper devices tend to only support 2.4GHz